MIS Chapter ?7? – Flashcards

This is an IT governance framework that is consistent with COSO controls. a) HIPPA b) COBIT c) SoX d) ISACA e) ISO

The Sarbanes-Oxley Act of 2002 was primarily aimed at which functional unit of a corporation? a) Marketing b) Production c) Sales d) IT e) Finance

All of the following are frameworks for implementing Sarbanes-Oxley compliance EXCEPT: a) COSO b) BCP c) COBIT d) ITIL e) Committee for Sponsoring Organization of the Treadway Commission

All of the following are mechanisms that can be created to ensure good IT governance EXCEPT: a) Policies b) Review boards c) Steering Committees d) Consultants e) IT Governance Council

After its PlayStation Network service was compromised, Sony realized that it needed to establish better ____________ governance. a) employee b) customer c) security d) IT e) data

This is a balanced approach to managing a company's IT organization. a) Centralization b) Decentralization c) Federalism d) Joint-Control e) Business Centricity

This type of organization management is where IT controls most of its IT infrastructure in one location. a) Distributed IS organization b) Decentralized IS organization c) Federalism d) Joint-Control IS organization e) Centralized IS organization

Most companies would like to obtain the advantages derived from both centralized and decentralized organizational paradigms. What type of IT governance model would best help them to achieve this goal? a) Distributed Control b) Decentralized c) Federalism d) Joint-Control e) Centralized

IT organizations implement powerful information systems like ERP and SCM that provide centralized data repositories. In addition, IT organizations provide business units with tools that individuals can use to report on and analyze collected data. This IT governance approach is best described as: ________. a) Distributed Control b) Decentralized c) Federalism d) Joint-Control e) Centralized

________ of the 1960's dictated a centralized approach to IT governance. a) Servers b) Mainframes c) Networks d) PCs e) The WWW

________ of the 1980's allowed computing power to spread and gave rise to a decentralized approach to IT governance. a) Servers b) Mainframes c) Networks d) PCs e) The WWW

______________ organizations scatter IT components in different locations to address local business needs. a) Distributed Control b) Decentralized c) Federalism d) Joint-Control e) Centralized

The IT Governance Council reports directly to the board of directors or the ________. a) CIO b) CTO c) CEO d) COO e) CFO

What is a steering committee at the highest level called? a) Executive Steering Committee b) IT Governance Council c) Executive Council of IT d) Systems Steering Council e) Chief Steering Committee

IT governance has two major components: the assignment of decision-making authority and responsibility, and the __________________________. a) cost considerations b) decision rights c) business plan d) capability maturity model e) decision-making mechanisms

Bob has been tasked with creating a plan to keep his company functioning in case of emergency. He needs to create which ONE of the following plans? a) Security Policy b) Emergency Preparedness Plan c) Disaster Continuity Plan d) Collateral Damage Plan e) Business Continuity Plan

Which one of the following can be said about IT security policies? a) IT security policies define the scope and overall expectation for the company's information security program. b) IT security policies discourage standardization and integration. c) IT security policies require an IT-only perspective. d) IT security policies complicate the decision-making process. e) IT security policies are loose to allow for many choices.

IT decisions have been categorized by Peter Weill and Jeanne Ross. These categories include all of the following EXCEPT: a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT security

The decision about approval and justification of new technologies would fall into which one of the five major IT decision categories? a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT investment and prioritization

The decisions that set the foundation for IT capabilities shared throughout an organization fall into which one of the five major IT decision categories? a) IT principles b) IT architecture c) IT infrastructure d) Business application needs e) IT investment and prioritization

This IT governance archetype consists of IT individuals or groups of IT executives. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

This IT governance archetype consists of C-level executives and at least one other business group. An IT executive may be an additional participant. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

The establishment of information security policies requires IT leaders to set security standards and business leaders to understand the implications for users and business processes. Therefore, the IT governance archetype recommended in this situation is which one of the following? a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

Information security infrastructure decisions deal with technology selection and configuration. Therefore, the IT governance archetype recommended in this situation is which one of the following? a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly

A steering committee works especially well with this particular IT governance archetype. a) Business monarchy b) IT monarchy c) Feudal d) Federal e) IT Duopoly